
Can You Help? Which Results Are Actually Rootkits?

Can you help? I rootkit scanned my system using Spybot last night & many more potential rootkits were flagged than I expected. Which of the results below are likely rootkits & are safe to be deleted using Spybot? I don't mind also deleting things which are indeterminate, but whose deletion won't harm my system.

Things To Make You Go "Hmmm..."

Thanks for your timely reply!

I'm using Windows 10 Pro.

I was initially concerned I might have a rootkit because of the sheer number of things flagged by my scan.

Also, sometimes for a space when I try to do something on my system (like clicking to open the Windows Start menu or to close a window) it doesn't happen or takes ages. Admittedly some of this could be due to the age of my system's hardware & ?maybe? it'd work better with more memory (I currently have 4 gigabytes.)

The next thing to concern me is recent but unreproducible: (1) a rectangular part of ?the screen or an open window? flashes ?mostly black &/or white, like highlighted text?, ?showing a window that should not be visible as it's beneath another one? & (2) the system beeps as if there's an error or I tried to do something not possible. Trying to flick between windows, e.g. with the Alt + Tab keys, may sometimes trigger this. Note this is not a monitor issue.

Finally, if the occasional quirks I've listed above continue & they're not due to hardware issues, I am guessing they're possibly a rootkit, as I've been performing a series of full non-rootkit malware scans & clean ups of my normal system (some tests remain for the drives I usually don't have plugged in, like my thumbdrive), using different software (Kaspersky, Malwarebytes, Spybot), but the latest scans have turned up (1) no viruses etc & (2) no spyware with a "Threat" bar rating even half-way, with most flagged items looking pretty innocuous.

I note Kaspersky did detect quite a substantial number of issues in files on one external drive which has (unusually) been plugged in & used a lot to do a biannual backup this week, with multiple types of malware reported in some individual files. (All these files were deleted before the latest full scan of my normal system, which was clean.)

I suspect at least some files here were falsely flagged (1) because they did contain code to access systems more deeply, but Kaspersky didn't recognise them as legitimate (e.g. ironically this includes an old version of the ZoneAlarm antimalware program's uninstall exe); (2) since this backup drive is hardly ever used & so is unlikely to get infected; (3) because some or all the files flagged may have been on this drive a long time, during which they were likely subjected to scans, which did not find them suspicious; & (4) since the finding of multiple malware issues in single files seems unusual.

Apparently your anti-virus program is not flagging an infection on the machine. External hard drives are a separate matter.

Originally Posted by Krnt2007

Also, sometimes for a space when I try to do something on my system (like clicking to open the Windows Start menu or to close a window) it doesn't happen or takes ages. Admittedly some of this could be due to the age of my system's hardware & ?maybe? it'd work better with more memory (I currently have 4 gigabytes.)

4 gigabytes RAM, how much space is on the hard disk?

Also, is the operating system 32-bit or 64-bit, and was your Windows 10 an upgrade on a previous operating system or a fresh installation?

The Plot Thickens

I'm running the 64-bit version of Windows 10. It was probably a fresh install, but I got it from an NGO that makes systems partly from second-hand parts for people with disability etc, so I can't be sure. (I believe Microsoft has an arrangement with them where they give them legitimate keys to Windows &/or Office.)

My system disk has 27.3 out of 99.1 Gigs free; the other drive in my tower 19.3 out of 149. I'm going to free just over another 4 Gigs from the second drive soon, as it's under the 15% people (at least used to) say you should leave free on a drive for your system to work smoothly.

I run a relatively tight ship system-wise in some ways, including a filter which if anything is overzealous in blocking the occasional website I try to visit, when it looks possibly harmless but I'm not sure (recently I was blocked from visiting every site I tried offering reviewer-recommended remote access / viewing tools to help a relative with pernicious tech issues.) I don't tend to download exe's apart from e.g. community-suggested mods & patches for older games I buy at gog.com; or torrent; or visit dodgy sites deliberately. I also manually scan almost every single file I download. So it will be interesting to try to figure out where I might've picked up malware, if it's found.

My system disk has 27.3 out of 99.1 Gigs free; the other drive in my tower 19.3 out of 149. I'm going to free just over another 4 Gigs from the second drive soon, as it's under the 15% people (at least used to) say you should leave free on a drive for your system to work smoothly.

As you have experienced a few issues with Windows that may be a good place to start troubleshooting before looking for a possible infection.

Please register at whatthetech and start a topic in their Windows forum here